ID CVE-2014-9294
Summary util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
Vulnerable Configurations
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
CVSS
Base: 7.5 (as of 28-01-2015 - 17:54)
Impact: 6.5
Exploitability: 10.0
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Certvn vFeed
certvuid VU#852879
certvulink http://www.kb.cert.org/vuls/id/852879
Hp vFeed
hpid HPSBPV03266
hplink http://marc.info/?l=bugtraq&m=142469153211996&w=2
Mandriva vFeed
mandrivaid MDVSA-2015:003
Nessus vFeed
nessus_script_family Red Hat Local Security Checks
nessus_script_file redhat-RHSA-2014-2024.nasl
nessus_script_id 80160
nessus_script_name RHEL 6 / 7 : ntp (RHSA-2014:2024)
Openvas vFeed
openvas_script_family Debian Local Security Checks
openvas_script_file deb_3108.nasl
openvas_script_id 703108
openvas_script_name Debian Security Advisory DSA 3108-1 (ntp - security update)
Oval vFeed
cpeid
ovalclass patch
ovalid oval:org.mitre.oval:def:28264
ovaltitle USN-2449-1 -- NTP vulnerabilities
Redhat vFeed
redhatid RHSA-2014:2025
redhatovalid oval:com.redhat.rhsa:def:20142025
redhatupdatedesc RHSA-2014:2025: ntp security update (Important)
Scip vFeed
scipid 68457
sciplink http://www.scip.ch/en/?vuldb.68457
Redhat_Bugzilla vFeed
advisory_dateissue 2014-12-20
bugzillaid 1176037
bugzillatitle CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
redhatid RHSA-2014:2025
Last major update 12-03-2015 - 02:01
Published 20-12-2014 - 02:59
Last modified 03-01-2017 - 02:59